Disable use of StrongBox for encryption
Until VerificationTokens are wired up, StrongBox can't work. Also, this will reduce complications for early StrongBox testing. Bug: 77338527 Test: Boot the device Change-Id: I44a1577c388703aeecb2886e7db52084c17e2afd
This commit is contained in:
Shawn Willden
nagendra modadugu
parent
385cb8c4d6
commit
c1903ad3d6
1 changed files with 10 additions and 2 deletions
|
|
@ -25,6 +25,7 @@ namespace vold {
|
|||
|
||||
using ::android::hardware::hidl_string;
|
||||
using ::android::hardware::hidl_vec;
|
||||
using ::android::hardware::keymaster::V4_0::SecurityLevel;
|
||||
|
||||
KeymasterOperation::~KeymasterOperation() {
|
||||
if (mDevice) mDevice->abort(mOpHandle);
|
||||
|
|
@ -97,8 +98,15 @@ bool KeymasterOperation::finish(std::string* output) {
|
|||
|
||||
Keymaster::Keymaster() {
|
||||
auto devices = KmDevice::enumerateAvailableDevices();
|
||||
if (devices.empty()) return;
|
||||
mDevice = std::move(devices[0]);
|
||||
for (auto& dev : devices) {
|
||||
// Explicitly avoid using STRONGBOX for now.
|
||||
// TODO: Re-enable STRONGBOX, since it's what we really want. b/77338527
|
||||
if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
|
||||
mDevice = std::move(dev);
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!mDevice) return;
|
||||
auto& version = mDevice->halVersion();
|
||||
LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName
|
||||
<< " for encryption. Security level: " << toString(version.securityLevel)
|
||||
|
|
|
|||
Loading…
Reference in a new issue